Apache HTTP Server on Windows

The Apache HTTP Server Project itself does not provide binary releases of
software, only source code. Individual committers may provide
binary packages as a convenience, but it is not a release deliverable.

If you cannot compile the Apache HTTP Server
yourself, you can obtain a binary package from numerous binary distributions
available on the Internet.

Warning: TCP/IP networking must be installed

TCP/IP must be correctly installed, configured and running in
order to install and use Apache on Windows. If you use dial-up networking
exclusively, you may need to be connected to the internet for Apache to
correctly determine that TCP/IP is installed.

If you are installing Apache on Windows 95, 98, ME or NT 4.0,
stop

If you are installing Apache on Windows XP prior to Service Pack 3

Install the Windows XP Service Pack 3. Refer to
KB article 317949 if you need the gory details exactly why you must
not run the original Windows XP or SP1.

Warning about the Quality of Service driver

We suggest disabling the "Quality of Service" (or QoS) network driver from
Microsoft if you primarily use the machine as an Apache Server, as Apache
does not support the QoS extensions to the WinSock API.

Warning about Firewall and similar software

Most Firewall programs, Web Spam filters and other TCP/IP driver-based
products (including spyware!) do not correctly implement the entire WinSock
API. The shortcuts taken by the developers of such products cause Apache
to fail. If you insist on leaving such programs installed, and have
problems with your Apache installation, consider the suggestion below.

If you encounter problems running Apache 2 under Windows, such as
corrupted or incomplete file downloads, unexplained error messages, or
a conflict with a software firewall, please place the following three
directives in your httpd.conf configuration file to see if they eliminate
the problems:

The general problem is that many people install various add-ons to
windows (such as software firewalls, virus checkers, etc) that break
some of the advanced functionality that Apache uses to speed the
sending of files. The above directives turn off the advanced
functionality and make Apache fall back to more basic (but slower)
techniques. This resolves most, but not all of the potential problems.
If you continue to experience problems, be certain that there is no
spyware installed on the box, which exhibits exactly the same sorts
of flaws (often more obviously).

If you encounter problems installing Apache .msi distributions, we have
provided the TROUBLESHOOTING page
to help you diagnose and fix most common installation problems.

Do not report configuration or installation questions as bugs!

The Apache User Support Mailing List and the
comp.infosystems.www.servers.ms-windows newsgroup both provide
peer to peer support. Pose your question or problem on only one forum
at a time. If you do not follow these guidelines, your questions and
pleas for assistance will likely go unanswered. To learn how to get
questions answered effectively, you might want to read
How to Ask Questions the Smart Way written by Eric S. Raymond
and Rick Moen - which is a very good primer for end users to learn to
pose effective questions to their fellow users and the project's
developers. (NOTE they will only help you learn to ask questions,
Eric and Rick do not provide you help with Apache HTTP Server!)

The -win32-x86-no_ssl.msi packages do not contain any cryptographic software,
such as OpenSSL, mod_ssl, nor https: enabled utilities.

The -win32-x86-openssl-(version).msi package includes an https: enabled
abs.exe utility, mod_ssl.so TLS/SSL protocol module, and a binary
distribution of the specified version of OpenSSL. Please review the
Cryptographic Software Notice carefully before
downloading, using or redistributing this package.

Looking for an older version? Please, don't. There
have been a number of essential bug and security fixes with the evolving
support for Apache under Win32. Most critically, there were several
denial of service, arbitrary code execution and other vulnerabilities
affecting Win32 in previous releases. Please, avoid all earlier versions.
That said;

Only current, recommended releases are available from www.apache.org
and the mirror sites. Older releases, and their corresponding debugging
-symbols.zip packages, can be obtained from the archive site.

You can find a corresponding -win32-x86-symbols.zip archive of the
debugging databases in the symbols/
directory, these are typically not needed. This -win32-x86-symbols.zip
archive can be unpacked into the Apache installation directory, providing
all of the .pdb diagnostic files allowing most Win32 debugging tools
(and the Dr. Watson utility) to produce useful crash analysis.

You will find the source code package in the
/dist/httpd/ source tree. The -win32-src.zip file
contains only source and build files, and contains
no binary executable files.

This binary release was created with Visual Studio 6.0, using a more recent
Platform SDK for the ldap api. It includes zlib1.dll for mod_deflate.so.

This distribution may include software that has been designed for use with
cryptographic software. The country in which you currently reside may have
restrictions on the import, possession, use, and/or re-export to another
country, of encryption software. BEFORE using any encryption software, please
check your country's laws, regulations and policies concerning the import,
possession, or use, and re-export of encryption software, to see if this is
permitted. See http://www.wassenaar.org/
for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security
(BIS), has classified this software as Export Commodity Control Number (ECCN)
5D002.C.1, which includes information security software using or performing
cryptographic functions with asymmetric algorithms. The form and manner of
this Apache Software Foundation distribution makes it eligible for export
under the License Exception ENC Technology Software Unrestricted (TSU)
exception (see the BIS Export Administration Regulations, Section 740.13)
for both object code and source code.

The following provides more details on the included files that may be
subject to export controls on cryptographic software:

Apache httpd 2 includes the mod_ssl module under modules/ssl/ for
configuring and listening to connections over SSL encrypted network sockets
by performing calls to a general-purpose encryption library, such as OpenSSL
or the operating system's platform-specific SSL facilities.

In addition, some versions of apr-util provide an abstract interface for
SSL encrypted network sockets in the files under the directory
srclib/apr-util/ssl/ that makes use of a general-purpose encryption library,
such as OpenSSL or the operating system's platform-specific SSL facilities.
Apache httpd currently does not use that apr-util interface.

Some object code distributions of Apache httpd, indicated with the word
"crypto" in the package name, may include object code for the OpenSSL
encryption library as distributed in open source form from
http://www.openssl.org/source/.

The above files are optional and may be removed if the cryptographic
functionality is not desired or needs to be excluded from redistribution.
Distribution packages of Apache httpd that include the word "nossl" in the
package name have been created without the above files and are therefore not
subject to this notice.